Healthcare billing biz AccuDoc 'fesses up to breach that blabbed 2.65m people's data

cbars

SQL Injection

Still on top

a_yank_lurker
Silver badge

Re: SQL Injection

Too often the breach is caused by not fixing a known problem such as SQL injection or by not patching the code because it is too inconvenient. So a breach is inevitable when a black hat stumbles across them, and given some of the problems, just about any barely breathing script kiddie could hack some of these outfits.

hellwig
Silver badge

2.65m people?

Let's see, scaling for length of breach, bonus multiplier for SSNs.... that should be a fine of at least $50,000. Boy oh boy, that's gonna show them.

And that identity protection only lasts for a year (that's all Equifax and Experian each gave me when they were breached). So if I'm a hacker stealing SSNs, wait a year. Most of those SSNs (unlike credit card numbers) will still be valid.

Mark 85
Silver badge

Re: 2.65m people?

Surprisingly, even if some of those died during the wait, the SSN would still be valid. SS has some issues with being able to shut down an SSN.

GnuTzu
Bronze badge
Thumb Down

"We take health care privacy very seriously."

Insert usual rant about this phrase here. Do they realize this is coming to mean the opposite of what it should?

Pascal Monett
Silver badge

Of course not - it's their first time.

We, on the other hand, have seen it invoked a thousand times. We know that this is the Band-Aid you put on an open wound. When it's too late.

Anonymous Coward
Anonymous Coward

So, that's AccuDoxx now?

Not good.

Anonymous Coward
Anonymous Coward

I have so many "1 year free credit monitoring" offers that I could pass them along to my children and grandchildren and they would never run out - seriously, one of our credit cards is being replaced (for the 4th time in as many years) due to a corporate data breach, and then there are the debit card replacements, and just general company, organization and government technical security incompetence.

Fungus Bob
Silver badge
FAIL

"It did not include any financial details or medical records"

Riiiiiiight...

The Register - Independent news and views for the tech community. Part of Situation Publishing